As Uber has expanded — opening offices in 78 countries worldwide — sometimes local authorities have raided its offices. Police have wanted emails, documents and information on drivers and employees. It’s happened in Paris, Hong Kong, Montreal and.
In order to address these types of situations, the ride-hailing company uses software to protect its data, which is commonplace among companies that operate internationally. One type of software the company devised and reportedly used from Spring 2015 to late 2016 was called Ripley, according to a report by Bloomberg.
Ripley — which was said to be named after Sigourney Weaver’s character in the 1979 sci-fi movie “Alien” — could remotely disable, lock or change the password on employees’ computers and smartphones.
The idea was for Uber’s team at its San Francisco headquarters to be able to shut down a device if necessary. The company used it at least two dozen times in situations with authorities in foreign countries, according to Bloomberg.
Uber said it no longer uses Ripley because it wasn’t effective. It now uses an off-the-shelf software called Prey and another type of software it built called uLocker. Uber said this software is necessary to protect company data, along with the privacy of passengers, drivers and Uber employees.
Uber has a long history of clashing with government regulators. In the past, itwith authorities across the US, Europe, Canada, Latin America and Asia for brushing aside local laws and rolling out its service without first asking permission. But in the case with Ripley, the company said it was in the right.
“Like every company with offices around the world, we have security procedures in place to protect corporate and customer data,” an Uber spokeswoman said. “When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”
Uber used Ripley during a raid in Montreal in May 2015, according to Bloomberg. The Quebec tax authority arrived at the ride-hailing company’s local office unannounced with a warrant. Uber’s on-site managers followed protocol and alerted company headquarters about what was happening. Using Ripley, staff in San Francisco reportedly remotely logged off all employees’ computers in Montreal. The investigators were said to have left empty handed.
Uber said it’s typical to alert headquarters when someone arrives at one of its foreign offices unannounced; and that all of its employees are trained on policies and procedures to safeguard its data.
“In the event that regulators arrive at the front door of the office, please make sure that anyone tending the reception/front desk is familiar and comfortable to do the following actions,” reads the protocol published on Uber’s internal intranet, which was provided to CNET. Such actions include asking for IDs and a search warrant, offering tea or coffee and contacting Uber’s legal department.
If the authorities begin an investigation, Uber has a list of “do’s” and “don’ts” employees should follow. Do’s include cooperating with the authorities and disclosing requested documents. Don’ts say not to volunteer any information, nor “delete, destroy, conceal any document or data.” It’s unclear if this protocol was in place during the time period Uber used Ripley.
Uber said that it doesn’t destroy evidence and it has let government officials walk out the door with company laptops before — it all depends if the data the authorities want is covered by legal privilege, such as correspondence between Uber and a lawyer.
Uber has drawn scrutiny in the past for designing software to evade authorities. Last March, the New York Times revealed the company usedin some cities where Uber wasn’t yet allowed to operate. The software let the company target certain individuals, like police, and show them a mock-up version of the app with no cars available.
Uber is now under investigation by the US Department of Justice for its use of Greyball. It’s also facing at leastby the US government.
As for software like Ripley, Prey or uLocker, Uber said there’s nothing secretive about it. It’s basically the same software someone would use if they lost their smartphone.
“For instance, if an employee loses their laptop, we have the ability to remotely log them out of Uber’s systems to prevent someone else from accessing private user data through that laptop,” the Uber spokeswoman said.
CNET Magazine: Check out a sample of the stories in CNET’s newsstand edition.
Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it?